Legal
Privacy Notice
Last updated: 14 May 2026
1. Who we are
Nothing 2 Wear is operated by Victoria Stewart Ltd, registered in the United Kingdom ("we", "us"). For the purposes of UK GDPR and EU GDPR we act as the data controller for personal data processed through the Service.
2. What we collect
We collect the following categories of personal data:
- Account data — name, email address, hashed password, sign-in events.
- Style profile — aesthetic preferences, fit preference, body shape (if you choose to share it), colours to avoid, lifestyle notes, and an optional mirror photo.
- Wardrobe content — photos of clothing, colours, categories, style tags and personal notes you upload.
- AI usage — the prompts and selections you submit to generate outfits or virtual try-on imagery, and your 👍 / 👎 feedback on suggestions.
- Support messages — the content of any email or message you send us.
- Telemetry — IP address, device and browser information, pages viewed, and basic analytics events used to monitor and improve the Service.
- Sponsor click data — when you click a sponsored recommendation, we record that you clicked so we can report aggregated metrics to sponsors.
Payment card details are collected and processed by our payment provider, Paddle. We never see or store your card details.
3. Why we use it
| Purpose | Legal basis |
|---|---|
| Create and run your account | Performance of contract |
| Generate outfits, gap analysis and virtual try-on imagery | Performance of contract |
| Personalise suggestions using your style profile and feedback | Performance of contract |
| Process payments and manage subscriptions (via Paddle) | Performance of contract / legal obligation |
| Prevent fraud, abuse and security incidents | Legitimate interests |
| Customer support | Performance of contract |
| Product analytics and improvement | Legitimate interests |
| Service emails (receipts, security, important changes) | Performance of contract / legal obligation |
| Marketing emails (only if you opt in) | Consent |
4. AI processing
To generate outfits and try-on imagery we send your prompts, your style profile summary and the relevant wardrobe images to AI model providers acting as our processors. We do not permit those providers to use your content to train their foundation models. Outputs are returned to you and stored against your account.
5. Who we share data with
- Hosting and infrastructure providers who store your account, database and uploaded photos on our behalf.
- Paddle.com, our Merchant of Record, who handles checkout, subscription management, payments, tax compliance, invoicing and refunds.
- AI model providers who process prompts and images to generate outfits and try-on results.
- Email delivery providers who send transactional and (if opted in) marketing emails.
- Analytics providers who help us understand aggregate product usage.
- Professional advisers (legal, accounting) where strictly necessary.
- Authorities where we are legally required to disclose data.
We do not sell your personal data.
6. International transfers
Some of our processors are based outside the UK and EEA, including in the United States. Where we transfer personal data internationally we rely on appropriate safeguards such as the UK International Data Transfer Addendum, EU Standard Contractual Clauses, or an adequacy decision, depending on the destination.
7. How long we keep it
- Account, style profile and wardrobe content — for as long as your account is active, plus up to 30 days after deletion to allow recovery.
- Generated outfits and feedback — for the lifetime of your account.
- Support messages — up to 3 years from the last interaction.
- Billing and tax records — retained by Paddle for the period required by applicable tax law (typically 7 years).
- Telemetry and analytics — typically up to 14 months in identifiable form, then aggregated.
8. Your rights
Depending on where you live, you have rights to:
- Access the personal data we hold about you;
- Have it corrected if it is inaccurate;
- Request deletion ("right to be forgotten");
- Restrict or object to certain processing;
- Receive your data in a portable format;
- Withdraw consent at any time (where processing is based on consent);
- Lodge a complaint with your supervisory authority — in the UK, the Information Commissioner's Office.
To exercise any of these rights, email support@nothing2wear.shop. We will respond within one month.
9. Security
We use appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), encrypted storage, role-based access controls, and row-level security on our database. No system is perfectly secure; please use a strong, unique password.
10. Cookies
We use a small number of cookies and similar technologies that are strictly necessary to run the Service (for example, to keep you signed in) and to measure aggregate usage. Where required by law we will ask for your consent before setting non-essential cookies.
11. Children
The Service is not directed at children under 16 and we do not knowingly collect data from them. If you believe a child has created an account, contact us and we will delete it.
12. Changes to this notice
We may update this notice from time to time. Material changes will be notified through the Service or by email.
13. Contact
Victoria Stewart Ltd
Email: support@nothing2wear.shop